Bad Security Moon Rising
Nov 22, 2011 5:00 AM PT
All things considered, this past week has been hell on security professionals.
On Monday, AT&T Wireless announced that hackers used automatic scripts to target some subscribers in a bid to steal information stored in their online accounts. They apparently didn't succeed.
Hackers have breached security at utilities in Springfield, Ill., and in South Houston, Texas, in what might prove to be a sign of things to come.
Meanwhile, Norway's oil, gas and defense installations also were breached.
On the mobile front, security vendors are once again saying that Android is fast becoming a major mobile threat, echoing a warning that's growing all too familiar.
Cybermiscreants last week also made friending painful, flooding some Facebook users' accounts with porn and gore, eliciting complaints and, in some cases, cancellations.
Eager to come to grips with cybersecurity issues, the United States is seeking to criminalize violations of a given site's TOS on the one hand, and gunning for Chinese communications companies Huawei and ZTE on the other.
No Power to the People
A hacker apparently reconfigured the SCADA (supervisory control and data acquisition) system at a small water utility in Springfield, Ill., causing a pump to break down.
Another hacker, with the handle "pr0f," claimed to have cracked the system of a utility serving the city of South Houston and posted screenshots of its IT infrastructure.
SCADA systems are used in industries like electric utilities whose demands and processes aren't designed with security in mind, Joseph Weiss, managing partner at Applied Control Solutions, told TechNewsWorld.
Is Electric Utility Security a Damp Squib?
The utilities don't want to face the issue, Weiss alleged.
"I just held my latest annual conference on cyber control systems, and EPRI and NERC weren't there," Weiss said. "They don't want to hear this. It just doesn't make sense."
EPRI, the Electric Power Research Institute, is funded by electric utilities that together generate and distribute more than 90 percent of the electricity consumed in the United States. NERC,the North American Electric Reliability Corporation, ensures the reliability of the North American bulk power system.
EPRI didn't respond to requests for comment by press time.
Android's a Pain in the Mobile Device
Security experts have renewed warnings that Android malware poses a clear and present danger to mobile device users.
That's possibly tied in with the skyrocketing popularity of Android gadgets. They accounted for more than 52 percent of smartphone sales to end users worldwide in the third quarter, more than doubling market share year over year, according to Gartner.
However, they're also becoming a increasingly popular target for malware, according to recent studies produced by Juniper Networks and McAfee.
Security experts partially blame Google's laissez-faire attitude toward vetting Android apps for the maladies, and they're once again voicing concern on that issue.
Subverting Facebook Friendships
Facebook was hit hard this past week by hackers that managed to pepper some members' News Feeds with images that were gory, pornographic or, in some cases, both.
"This particular outbreak of inappropriate imagery could [lead to] a second, third or deeper wave of attacks that keep riding on one another in a never-ending cycle," Armando Carillo Jr., Web media manager at Zvelo, told TechNewsWorld.
Fly Like an Eagle
American lawmakers are responding to the multifarious cyberthreats facing the U.S.
The U.S. House of Representatives' committee on intelligence has begun investigating a possible threat from the penetration of Chinese owned-telecoms companies, including Huawei and ZTE, into U.S. telecommunications infrastructure.
Meanwhile, the U.S. Defense Department has renewed warnings that the country reserves the right to retaliate with military force against a cyberattack.
Finally, the U.S. Department of Justice has begun seeking harsher penalties for various unlawful online activities. It's also seeking to make it a crime to violate websites' terms of service, a measure that could theoretically criminalize the use of an alias when creating a profile on a site.
The DoJ told Congress that this measure's necessary in order to stop unauthorized access by insiders to sensitive information.
That has privacy advocates worried.
"There's a lot of people who, for legitimate reasons, assume a different identity online," Gregory Nojeim, director of the project on freedom for the Center for Democracy and Technology, told TechNewsWorld.